CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
76.2%
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
Vendor | Product | Version | CPE |
---|---|---|---|
barracudanetworks | barracuda_ssl_vpn | * | cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:*:*:*:*:*:*:*:* |
barracudanetworks | barracuda_ssl_vpn | 1.2.6.004 | cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.2.6.004:*:*:*:*:*:*:* |
barracudanetworks | barracuda_ssl_vpn | 1.5.0.29 | cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.5.0.29:*:*:*:*:*:*:* |